The client already had the 'session' key; he co-derived it based on the Pre-Master key, Pre-master secret, some random numbers, pseudo-random functions, and a lot more mess...
The AP sends an empty EAPOL message signed with the MPPE Send-Key (session key) after they are derived. This is for the client to verify the keys are identical, not to receive the key.

Andrew

-----Original Message-----
From: Akash Malhotra [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 11:52 PM
To: [EMAIL PROTECTED]
Subject: [BAWUG] 802.1 X key exchange

Hi

I have a question.

In 802.1x

Client ---------------- AP -------------- RADIUS SERVER

Challenge text (EAP-TLS) case:

When certificates are authenticated successfully Radius server gives a MASTER KEY TO AP. Then AP generates a session key, encrypts session key with MASTER KEY and sends it to client. Then session keys are used in communication between client and AP.

My question is HOW DOES CLIENT DECRYPT THE PACKET SENT BY AP TO GET "SESSION KEY". According to my understanding client should also have MASTER KEY to decrypt the packet in order to obtain the session key.

If I am wrong do correct me, otherwise I would appreciate if anybody can shed light on this problem.

Thanks
Akash Malhotra

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
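Added example, not part of the original thread: a Python sketch of the point made in the reply, where client and RADIUS server each derive the same MPPE keys from the TLS master secret and the client only checks the AP's signature. It assumes the TLS 1.0 PRF with the "client EAP encryption" label from RFC 2716 and an HMAC-MD5 signature; the function names, the simplified frame bytes and all sample values are constructed for illustration.

```python
import hashlib
import hmac


def p_hash(algo, secret, seed, length):
    """RFC 2246 P_hash: expand secret and seed into `length` bytes with HMAC."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, algo).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, algo).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 on the first half of the secret XOR P_SHA1 on the second."""
    half = (len(secret) + 1) // 2
    md5 = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))


def derive_mppe_keys(master_secret, client_random, server_random):
    """Return (recv_key, send_key), named from the AP's point of view."""
    km = tls10_prf(master_secret, b"client EAP encryption",
                   client_random + server_random, 64)
    return km[:32], km[32:64]


def sign_eapol(send_key, frame):
    """AP side: HMAC-MD5 over the frame, keyed with the MPPE Send-Key."""
    return hmac.new(send_key, frame, hashlib.md5).digest()


def client_verifies(master_secret, client_random, server_random, frame, sig):
    """Client side: re-derive the keys locally, then check the AP's signature."""
    _, send_key = derive_mppe_keys(master_secret, client_random, server_random)
    return hmac.compare_digest(sign_eapol(send_key, frame), sig)


# Constructed sample values standing in for one completed EAP-TLS handshake.
MASTER = hashlib.sha384(b"constructed master secret").digest()   # 48 bytes
C_RAND = hashlib.sha256(b"constructed client random").digest()   # 32 bytes
S_RAND = hashlib.sha256(b"constructed server random").digest()   # 32 bytes
FRAME = b"\x01\x03\x00\x00"  # constructed stand-in for the empty EAPOL message

if __name__ == "__main__":
    # The RADIUS server derives the keys and hands them to the AP, which signs.
    _, ap_send_key = derive_mppe_keys(MASTER, C_RAND, S_RAND)
    sig = sign_eapol(ap_send_key, FRAME)
    print("client accepts:", client_verifies(MASTER, C_RAND, S_RAND, FRAME, sig))
```

No key crosses the air in this flow; a client holding a different master secret fails the signature check instead of receiving anything to decrypt.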
